Synopsis: This presentation will show how to integrate a compliance framework into application security testing to produce an effective mechanism for presenting risk. Regulations, including security breach notification legislation, HIPAA, FISMA and other regulations specify penalties for failing to safeguard specific types of information. This presentation will demonstrate how to weave regulatory frameworks into the application testing process and how to quantify risk based upon penalties and ease of exploitation. Using real world examples, the presenters will show how this methodology can be used to justify security testing as a necessary expenditure for a secure environment.

Synopsis: This presentation will show how to integrate a compliance framework into application security testing to produce an effective mechanism for presenting risk. Regulations, including security breach notification legislation, HIPAA, FISMA and other regulations specify penalties for failing to safeguard specific types of information. This presentation will demonstrate how to weave regulatory frameworks into the application testing process and how to quantify risk based upon penalties and ease of exploitation. Using real world examples, the presenters will show how this methodology can be used to justify security testing as a necessary expenditure for a secure environment.

Synopsis: This presentation will show how to integrate a compliance framework into application security testing to produce an effective mechanism for presenting risk. Regulations, including security breach notification legislation, HIPAA, FISMA and other regulations specify penalties for failing to safeguard specific types of information. This presentation will demonstrate how to weave regulatory frameworks into the application testing process and how to quantify risk based upon penalties and ease of exploitation. Using real world examples, the presenters will show how this methodology can be used to justify security testing as a necessary expenditure for a secure environment.